When you combine the number of downloads for all these malicious apps you get 1,000,000 to 5,000,000 installations, which is the widest reach reported for any malware yet this year.

The threat is limited to people who have installed apps from the following list (sorted by publisher). You’ll notice that several of the apps are given similar names to legitimate apps. If you have a similarly named app, check the publisher (ex. there are a number of different Hearts Live Wallpaper apps, but the one by iApps7 Inc is the malicious one), because more than likely you have a legitimate app and are not affected.

iApps7 Inc

Counter Elite Force

Counter Strike Ground Force

CounterStrike Hit Enemy

Heart Live Wallpaper

Hit Counter Terrorist

Stripper Touch girl

Ogre Games

Balloon Game

Deal & Be Millionaire

Wild Man

redmicapps

Pretty women lingerie puzzle

Sexy Girls Photo Game

Sexy Girls Puzzle

Sexy Women Puzzle

If you have been affected, Symantec provides removal instructions using their Norton Mobile Security here.

Some of the named apps are still in the Android Market, but will likely be removed soon by Google.

This serves as another reminder to always check the permission requests for carefully for any new app before you install it, especially those made by lesser known publishers. Just because an app is in the Market doesn’t guarantee it is safe, and be especially careful for non-Market apps.

3 Comments

MIUI has permission management thou it sort of violates the market terms. It disables monitor calls by default since almost all apps don’t require it. And if required you can disable specific permissions as well.